The MIT-SHM update in 4.2.1 is incomplete as the case where the
X server is started from xdm was not handled. A more complete fix
from the XFree86 trunk was committed to the xf-4_2-branch
branch.
A source patch against 4.2.1 is available on the XFree86 FTP
site.

4.2.1:

Fix a zlib bug that may have security implications on some
platforms.

MIT-SHM update should not access SHM segments for which the
client does not have sufficient access privileges.

Fix an Xlib problem which made it possible to load and
execute arbitrary code in privileged clients.

4.2.0:

Close a hole where anyone can connect to the X server if the
xdm auth dir does not exist.

Do not let a non-root user halt the machine by having X
send SIGUSR1 to the init(8) process.

Fix a buffer overflow in glyph clipping for large origin.

4.1.0:

Fix authentication issues with mmap() on drm devices.

Check for negative reply length/overflow in _XAsyncReply.

Plug kernel security hole in Linux int10.

Fix temp file vulnerabilities in xman, Xaw and man page
installation.

4.0.1:

Fix an XSecurity extension bug that could cause an X server
DoS.

Fix a possible overflow in xkb options parsing.

Fix recently publicized security issues in some of the X
libraries, including: a possible libICE DoS, a possible xdmcp DoS,
and some potentially exploitable integer overflows.